TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
829
Web page, a remote attacker could execute arbitrary code on the system with the privileges of the victim. Update the
latest version available from vendors web site. Alternatively user can set the kill bit for CLSID CA8A9780-280D-
11CF-A24D-444553540000.
Signature ID: 34716
Adobe Reader AcroPDF.dll ActiveX denial of service vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6027 Bugtraq: 21813
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Reader 7.0.8.0 is vulnerable
to denial of service via sending long string argument to src method. By persuading a victim to visit a specially-crafted
Web page containing UTF-16 encoded exploit data, a remote attacker could execute arbitrary code on the system with
the privileges of the victim. Update the latest version available from vendors web site. Alternatively user can set the kill
bit for CLSID CA8A9780-280D-11CF-A24D-444553540000.
Signature ID: 34717
Adobe Reader AcroPDF.dll ActiveX denial of service vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6027 Bugtraq: 21813
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Reader 7.0.8.0 is vulnerable
to denial of service via sending long string argument to src method. By persuading a victim to visit a specially-crafted
Web page containing UTF-16 encoded exploit, a remote attacker could execute arbitrary code on the system with the
privileges of the victim. Update the latest version available from vendors web site. Alternatively user can set the kill bit
for CLSID corresponding to the progid AcroPDF.PDF to resolve this issue.
Signature ID: 34718
VMware IntraProcessLogging.DLL Arbitrary File Overwrite vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4059 Bugtraq: 25110
Signature Description: VMware Workstation is powerful desktop virtualization software for software
developers/testers and enterprise IT professionals that runs multiple operating systems simultaneously on a single PC.
Users can run Windows, Linux, NetWare, or Solaris x86 in fully networked, portable virtual machines - no rebooting or
hard drive partitioning required.The VMware Workstation(Workstation 5.5.3.42958) is vulnerable to a arbitrary code
execution via SetLogFileName method. A remote attacker could exploit this vulnerability to execute arbitrary code on
the system with the privileges of the victim. Update the patches available from vendor web site. Alternatively user can
set the kill bit for CLSID AF13B07E-28A1-4CAC-9C9A-EC582E354A24.
Signature ID: 34719
Microsoft Windows RPCSS DCOM Interface Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0605 Bugtraq: 8234
Signature Description: There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The
failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed
Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. The vulnerability results
because the Windows RPCSS service does not properly check message inputs under certain circumstances. After
establishing a connection, an attacker could send a specially crafted malformed RPC message to cause the underlying
Distributed Component Object Model (DCOM) process on the remote system to fail in such a way that arbitrary code
could be executed. To exploit this vulnerability, the attacker would require the ability to send a specially crafted request
to port 135, 139, 445 or 593 or any other specifically configured RPC port on the remote machine.